Title: A backpressure technique for filtering spoofed traffic at upstream routers

Authors: S. Malliga, A. Tamilarasi

Addresses: Department of Computer Science and Engineering, Kongu Engineering College, Perundurai, Erode 638 052, Tamil Nadu, India. ' Department of Computer Science and Engineering, Kongu Engineering College, Perundurai, Erode 638 052, Tamil Nadu, India

Abstract: Ever increasing rate of Denial of Service (DoS) attacks presents severe security threats to the internet. In this study, a backpressure scheme to filter DoS attack traffic at the earliest possible is presented. This paper utilises markings stamped in the packets by the routers to detect DoS attacks. To improve the accuracy of detection, the detection process is augmented with hop count values from IP header. A backpressure technique partially deployed at the upstream routers is also proposed to prevent congestion at victim. Simulation studies show that our scheme drops most of the attack traffic at the earliest time.

Keywords: DoS attacks; denial of service; security; packet marking; hop count; backpressure; partial deployment; DoS attack traffic filtering; detection accuracy; simulation; DoS attack detection.

DOI: 10.1504/IJSN.2010.030718

International Journal of Security and Networks, 2010 Vol.5 No.1, pp.3 - 14

Published online: 31 Dec 2009 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article